An Ensemble Approach Towards Adversarial Robustness

06/10/2021
by   Haifeng Qian, et al.
0

It is a known phenomenon that adversarial robustness comes at a cost to natural accuracy. To improve this trade-off, this paper proposes an ensemble approach that divides a complex robust-classification task into simpler subtasks. Specifically, fractal divide derives multiple training sets from the training data, and fractal aggregation combines inference outputs from multiple classifiers that are trained on those sets. The resulting ensemble classifiers have a unique property that ensures robustness for an input if certain don't-care conditions are met. The new techniques are evaluated on MNIST and Fashion-MNIST, with no adversarial training. The MNIST classifier has 99 natural accuracy, 70 L2 distance of 2. The Fashion-MNIST classifier has 90 measured robustness and 28.2 Both results are new state of the art, and we also present new state-of-the-art binary results on challenging label-pairs.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
09/12/2019

Transferable Adversarial Robustness using Adversarially Trained Autoencoders

Machine learning has proven to be an extremely useful tool for solving c...
research
09/10/2019

Neural Belief Reasoner

This paper proposes a new generative model called neural belief reasoner...
research
12/07/2022

The BeMi Stardust: a Structured Ensemble of Binarized Neural Networks

Binarized Neural Networks (BNNs) are receiving increasing attention due ...
research
08/20/2021

Towards Understanding the Generative Capability of Adversarially Robust Classifiers

Recently, some works found an interesting phenomenon that adversarially ...
research
10/07/2021

Improving Adversarial Robustness for Free with Snapshot Ensemble

Adversarial training, as one of the few certified defenses against adver...
research
02/22/2018

L2-Nonexpansive Neural Networks

This paper proposes a class of well-conditioned neural networks in which...
research
10/10/2022

Certified Training: Small Boxes are All You Need

We propose the novel certified training method, SABR, which outperforms ...

Please sign up or login with your details

Forgot password? Click here to reset